using System;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Web;



namespace IRL.Utilities
{

    public class Security
    {
        // TODO change cookie name
        private const string UID_COOKIE = "irl_id"; // irl_id
        private const string ROLE_COOKIE = "irl_role"; // irl_role
        private string __redirectURL;
        private int __currentModule;
        private int __userID, __roleID;
        private int __permission;
        private bool __noRedirect;

        public Security()
        { }

        public Security(int module)
        {
            __currentModule = module;
            __userID = Convert.ToInt32(GetCookie(UID_COOKIE));
            __roleID = Convert.ToInt32(GetCookie(ROLE_COOKIE));
            __redirectURL = "login.aspx";
            __noRedirect = false;
        }

        private string GetCookie(string cookieName)
        {

            HttpCookie myCookie = HttpContext.Current.Request.Cookies[cookieName];
            if (myCookie != null)
            {
                return myCookie.Value;
            }
            else
            {
                return null;
            }
        }

        public string RedirectURL
        {
            get { return __redirectURL; }
            set { __redirectURL = value; }
        }

        public void Authenticate()
        {
            object connStr = ConfigurationSettings.AppSettings["sqlConn"];
            using (SqlConnection conn = new SqlConnection(connStr.ToString()))
            {
                SqlCommand cmd = new SqlCommand("sp_GetPermission", conn);
                cmd.CommandType = CommandType.StoredProcedure;
                // TODO change field in DB
                cmd.Parameters.Add("@irl_id", SqlDbType.Int).Value = __userID;
                cmd.Parameters.Add("@irl_role", SqlDbType.Int).Value = __roleID;
                cmd.Parameters.Add("@module", SqlDbType.Int).Value = __currentModule;
                conn.Open();
                __permission = (int)cmd.ExecuteScalar();
            }
            // Redirect if not authenticated
            if (__permission < 1 && __noRedirect == false)
            {
                HttpContext.Current.Response.Redirect(__redirectURL);
            }

        }

        public void Authenticate(bool NotRedirect)
        {
            __noRedirect = NotRedirect;
            Authenticate();
        }

        public bool IsReadOnly()
        {
            if (__permission == 1)
            {
                return true;
            }
            else
            {
                return false;
            }
        }

        public bool IsAuthorized(int requirePermission)
        {
            if (__permission < requirePermission)
            {
                return false;
            }
            else
            {
                return true;
            }
        }

    }
}
